Re: Adding support for SE-Linux security

From: Bruce Momjian <bruce(at)momjian(dot)us>
To: Robert Haas <robertmhaas(at)gmail(dot)com>
Cc: Magnus Hagander <magnus(at)hagander(dot)net>, Stephen Frost <sfrost(at)snowman(dot)net>, Chad Sellers <csellers(at)tresys(dot)com>, "David P(dot) Quigley" <dpquigl(at)tycho(dot)nsa(dot)gov>, Josh Berkus <josh(at)agliodbs(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, jd <jd(at)commandprompt(dot)com>, David Fetter <david(at)fetter(dot)org>, Itagaki Takahiro <itagaki(dot)takahiro(at)oss(dot)ntt(dot)co(dot)jp>, KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Adding support for SE-Linux security
Date: 2009-12-09 22:38:38
Message-ID: 200912092238.nB9Mcc606651@momjian.us
Lists: pgsql-hackers

Robert Haas wrote:
> On Wed, Dec 9, 2009 at 1:44 AM, Magnus Hagander <magnus(at)hagander(dot)net> wrote:
> > 2009/12/9 Bruce Momjian <bruce(at)momjian(dot)us>:
> >> I frankly think the patch should be thought of as the SE-Linux-specific
> >> directory files, which KaiGai can maintain, and the other parts, which I
> >> think I can handle.
> >
> > I think that's a horribly bad idea.
>
> Me, too. The ECPG comparison is apt, except that this code is far
> more deeply integrated into core. The idea that the SE-Linux
> directory files can be maintained separately from the "other parts"
> does not seem realistic to me. The problems that are going to occur
> here are things like: somebody wants to rearrange some part of the
> permissions checking for some reason. So they move a bunch of code
> around and break SE-PostgreSQL. Someone has to review that patch and
> understand the danger it causes. That's going to require
> understanding both the SE-PostgreSQL-specific files and the other
> parts, and the relationship between the two of them.

We did something similar for Win32 because it was the only way to do it.
We don't have the luxury of educating our developers on SE-Linux API for
a while --- there is the ideal world, and there is reality. What this
means is that SE-Linux would break when permissions changes happen, and
the SE-Linux folks will have to come in and clean things up later.

If you want to avoid all good reasons for this feature and are looking
for reasons why this patch is a bad idea, I am sure you can find them.

--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ If your life is a hard drive, Christ can be your backup. +
